I noticed something strange. I want to start with a clean state (everything is blocked) and add rules completely manually (no alerts whatsoever). So I set the firewall mode to Custom Policy Mode, kept Alert Level on Low (because there is no “Off” setting - even “Very Low” will output an alert, according to documentation) and instead cleared all checkboxes on the Alert Settings page. Then I deleted all application rules. I kept the default global rules, because there’s no “allow” rule, only “block” rules.
Then I tried ping www.google.com and, to my surprise, www.google.com got resolved to a valid IP address (though the ping itself timed out). How is that possible? What if I don’t want to allow DNS access to some applications? What other hidden rules besides DNS access are there?
If you’ve removed all the existing rules, I’d suggest setting Alerts to Very High; that way you can see what’s happening.
Some rules for the firewall are taken from D+ policies…
The problem with Alerts is that if I show them, the result will be different (domain name will or will not resolve, according to the action I choose). I am concerned about what’s happening when I am not taking conscious actions.
Some rules for the firewall are taken from D+ policies...
If that is so, I will need to reconsider whether or not to use CIS. At the moment I find it intolerable to discover network access rules hidden somewhere outside the firewall. How am I supposed to know what else is hidden in various parts of CIS? I need software that I can rely on!
That’s a bitter disappointment after so recently finding out that CIS does after all support the features I need.
The problem is, you’re looking for a stand-alone firewall and CIS is not that. You can use the firewall in isolation and you can have total control over what it does, but it’s designed to work as part of a package.
As I said, delete all the application rules, put the alerts on Very High and monitor. Once the rule has been created you are free to modify it to your heart’s content. Personally, I use my own custom rule set and I got to that by doing what I am suggesting you do.
Don’t forget, you have total control over what any given process or application can and cannot do. You just have to find out what it wants to do first.